1OC EX DIAGNOSTICS(1)               June 2016              OC EX DIAGNOSTICS(1)
2
3
4

NAME

6       oc  ex  diagnostics securitycontextconstraints - Check that the default
7       SecurityContextConstraints are present and contain the expected permis‐
8       sions
9
10
11

SYNOPSIS

13       oc ex diagnostics securitycontextconstraints [OPTIONS]
14
15
16

DESCRIPTION

18       Runs the SecurityContextConstraints diagnostic.
19
20
21       Check  that the default SecurityContextConstraints are present and con‐
22       tain the expected permissions
23
24
25

OPTIONS

27       --cluster-context=""
28           Client context to use for cluster administrator
29
30
31       -l, --diaglevel=1
32           Level of diagnostic output: 4: Error, 3: Warn, 2: Notice, 1:  Info,
33       0: Debug
34
35
36       --loglevel=0
37           Set the level of log output (0-10)
38
39
40       --logspec=""
41           Set per module logging with file|pattern=LEVEL,...
42
43
44       --prevent-modification=false
45           If  true,  may be set to prevent diagnostics making any changes via
46       the API
47
48
49

OPTIONS INHERITED FROM PARENT COMMANDS

51       --allow_verification_with_non_compliant_keys=false
52           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
53       non-compliant with RFC6962.
54
55
56       --alsologtostderr=false
57           log to standard error as well as files
58
59
60       --application_metrics_count_limit=100
61           Max number of application metrics to store (per container)
62
63
64       --as=""
65           Username to impersonate for the operation
66
67
68       --as-group=[]
69           Group  to  impersonate for the operation, this flag can be repeated
70       to specify multiple groups.
71
72
73       --azure-container-registry-config=""
74           Path to the file containing Azure container registry  configuration
75       information.
76
77
78       --boot_id_file="/proc/sys/kernel/random/boot_id"
79           Comma-separated  list  of files to check for boot-id. Use the first
80       one that exists.
81
82
83       --cache-dir="/builddir/.kube/http-cache"
84           Default HTTP cache directory
85
86
87       --certificate-authority=""
88           Path to a cert file for the certificate authority
89
90
91       --client-certificate=""
92           Path to a client certificate file for TLS
93
94
95       --client-key=""
96           Path to a client key file for TLS
97
98
99       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
100           CIDRs opened in GCE firewall for LB traffic proxy  health checks
101
102
103       --cluster=""
104           The name of the kubeconfig cluster to use
105
106
107       --container_hints="/etc/cadvisor/container_hints.json"
108           location of the container hints file
109
110
111       --containerd="unix:///var/run/containerd.sock"
112           containerd endpoint
113
114
115       --context=""
116           The name of the kubeconfig context to use
117
118
119       --default-not-ready-toleration-seconds=300
120           Indicates    the    tolerationSeconds   of   the   toleration   for
121       notReady:NoExecute that is added by default to every pod that does  not
122       already have such a toleration.
123
124
125       --default-unreachable-toleration-seconds=300
126           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
127       able:NoExecute that is added by default to  every  pod  that  does  not
128       already have such a toleration.
129
130
131       --docker="unix:///var/run/docker.sock"
132           docker endpoint
133
134
135       --docker-tls=false
136           use TLS to connect to docker
137
138
139       --docker-tls-ca="ca.pem"
140           path to trusted CA
141
142
143       --docker-tls-cert="cert.pem"
144           path to client certificate
145
146
147       --docker-tls-key="key.pem"
148           path to private key
149
150
151       --docker_env_metadata_whitelist=""
152           a  comma-separated  list of environment variable keys that needs to
153       be collected for docker containers
154
155
156       --docker_only=false
157           Only report docker containers in addition to root stats
158
159
160       --docker_root="/var/lib/docker"
161           DEPRECATED: docker root is read from docker info (this is  a  fall‐
162       back, default: /var/lib/docker)
163
164
165       --enable_load_reader=false
166           Whether to enable cpu load reader
167
168
169       --event_storage_age_limit="default=24h"
170           Max length of time for which to store events (per type). Value is a
171       comma separated list of key values, where  the  keys  are  event  types
172       (e.g.: creation, oom) or "default" and the value is a duration. Default
173       is applied to all non-specified event types
174
175
176       --event_storage_event_limit="default=100000"
177           Max number of events to store (per type). Value is  a  comma  sepa‐
178       rated  list  of  key values, where the keys are event types (e.g.: cre‐
179       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
180       applied to all non-specified event types
181
182
183       --global_housekeeping_interval=0
184           Interval between global housekeepings
185
186
187       --housekeeping_interval=0
188           Interval between container housekeepings
189
190
191       --insecure-skip-tls-verify=false
192           If true, the server's certificate will not be checked for validity.
193       This will make your HTTPS connections insecure
194
195
196       --kubeconfig=""
197           Path to the kubeconfig file to use for CLI requests.
198
199
200       --log-flush-frequency=0
201           Maximum number of seconds between log flushes
202
203
204       --log_backtrace_at=:0
205           when logging hits line file:N, emit a stack trace
206
207
208       --log_cadvisor_usage=false
209           Whether to log the usage of the cAdvisor container
210
211
212       --log_dir=""
213           If non-empty, write log files in this directory
214
215
216       --logtostderr=true
217           log to standard error instead of files
218
219
220       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
221           Comma-separated list of files to  check  for  machine-id.  Use  the
222       first one that exists.
223
224
225       --match-server-version=false
226           Require server version to match client version
227
228
229       -n, --namespace=""
230           If present, the namespace scope for this CLI request
231
232
233       --request-timeout="0"
234           The  length  of  time  to  wait before giving up on a single server
235       request. Non-zero values should contain a corresponding time unit (e.g.
236       1s, 2m, 3h). A value of zero means don't timeout requests.
237
238
239       -s, --server=""
240           The address and port of the Kubernetes API server
241
242
243       --stderrthreshold=2
244           logs at or above this threshold go to stderr
245
246
247       --storage_driver_buffer_duration=0
248           Writes  in  the  storage driver will be buffered for this duration,
249       and committed to the non memory backends as a single transaction
250
251
252       --storage_driver_db="cadvisor"
253           database name
254
255
256       --storage_driver_host="localhost:8086"
257           database host:port
258
259
260       --storage_driver_password="root"
261           database password
262
263
264       --storage_driver_secure=false
265           use secure connection with database
266
267
268       --storage_driver_table="stats"
269           table name
270
271
272       --storage_driver_user="root"
273           database username
274
275
276       --token=""
277           Bearer token for authentication to the API server
278
279
280       --user=""
281           The name of the kubeconfig user to use
282
283
284       -v, --v=0
285           log level for V logs
286
287
288       --version=false
289           Print version information and quit
290
291
292       --vmodule=
293           comma-separated list of pattern=N settings for  file-filtered  log‐
294       ging
295
296
297

SEE ALSO

299       oc-ex-diagnostics(1),
300
301
302

HISTORY

304       June 2016, Ported from the Kubernetes man-doc generator
305
306
307
308Openshift                  Openshift CLI User Manuals     OC EX DIAGNOSTICS(1)
Impressum